We got findings from the last pen test that all file extensions are allowed to be uploaded on the app. Is it possible to filter the file extensions to be uploaded? Thank you.
Hi Joseph
Yes, this is possible by programmatically checking the extension of the file being uploaded here:
You can use an if statement to check if the extension being uploaded is one of the acceptable extensions. If not, then handle and terminate the flow.
However, my recommendation would be to switch to this Forge component here. This other component has been validated by community experts and follows best practices for security & code quality. It will also very easily allow you to define the acceptable extensions as a string (e.g. ".pdf, .doc, .docx") in one of the input parameters of the web block:
Regards,
Ossama
Hi Joseph,
I hope you are great, mate.
You can also achieve this with JavaScript; please refer to the link below for your reference:
https://www.daniweb.com/programming/web-development/threads/169399/filtering-the-file-extensions-in-fileupload-control
Kind Regards,
Ajit kurane
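
An added example (not code from either reply, the Forge component, or the linked thread) of the extension allowlist check discussed above, using the ".pdf, .doc, .docx" string format from the first answer. The function names `parseAllowlist` and `checkUploadName` and the sample file names are hypothetical and constructed for illustration.

```javascript
// Parse an allowlist string such as ".pdf, .doc, .docx" into a Set of
// lowercase extensions; malformed entries are dropped.
function parseAllowlist(list) {
  return new Set(
    list.split(",")
      .map((e) => e.trim().toLowerCase())
      .filter((e) => /^\.[a-z0-9]+$/.test(e))
  );
}

// Decide whether an uploaded file name may be accepted.
// Returns { ok, reason } so the caller can log why a file was refused.
function checkUploadName(fileName, allowlist) {
  if (typeof fileName !== "string" || fileName.length === 0 || fileName.length > 255) {
    return { ok: false, reason: "empty or overlong name" };
  }
  // Control characters (including NUL) can truncate the name in downstream code.
  if (/[\u0000-\u001f\u007f]/.test(fileName)) {
    return { ok: false, reason: "control character in name" };
  }
  // Only a bare file name is accepted, never a path.
  if (/[\/\\]/.test(fileName)) {
    return { ok: false, reason: "path separator in name" };
  }
  // Windows drops trailing dots and spaces, so "a.exe." would be stored as "a.exe".
  if (/[. ]$/.test(fileName)) {
    return { ok: false, reason: "trailing dot or space" };
  }
  // The last extension decides; a name with no extension is refused.
  const dot = fileName.lastIndexOf(".");
  if (dot <= 0) {
    return { ok: false, reason: "no extension" };
  }
  const ext = fileName.slice(dot).toLowerCase();
  if (!allowlist.has(ext)) {
    return { ok: false, reason: "extension not allowed: " + ext };
  }
  return { ok: true, reason: "allowed" };
}

// Constructed sample input.
const allowed = parseAllowlist(".pdf, .doc, .docx");
for (const name of ["report.PDF", "notes.docx", "tool.exe", "invoice.pdf.exe", "README", "a.pdf."]) {
  console.log(name, checkUploadName(name, allowed));
}
```

A check like this only inspects the name, not the file content, and when it runs in the browser it can be skipped by the client, so the same check belongs in the server-side upload logic as well.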